Accepting request 1031295 from Base:System
- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
  bsc#1204112, CVE-2022-42011,
  bsc#1204113, CVE-2022-42012):
  This is a security update for the dbus 1.14.x stable branch, fixing
  denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
  security hardening (dbus#416).
  Behaviour changes:
  * On Linux, dbus-daemon and other uses of DBusServer now create a
    path-based Unix socket, unix:path=..., when asked to listen on a
    unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
    unix:dir=... on all platforms.
    Previous versions would have created an abstract socket, unix:abstract=...,
    in this situation.
    This change primarily affects the well-known session bus when run via
    dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
    dbus with --enable-user-session and running it on a systemd system,
    already used path-based Unix sockets and is unaffected by this change.
    This behaviour change prevents a sandbox escape via the session bus socket
    in sandboxing frameworks that can share the network namespace with the host
    system, such as Flatpak.
    This change might cause a regression in situations where the abstract socket
    is intentionally shared between the host system and a chroot or container,
    such as some use-cases of schroot(1). That regression can be resolved by
    using a bind-mount to share either the D-Bus socket, or the whole /tmp
    directory, with the chroot or container.
    (dbus#416, Simon McVittie)
  * Denial of service fixes:
    - Evgeny Vereshchagin discovered several ways in which an authenticated
      local attacker could cause a crash (denial of service) in
      dbus-daemon --system or a custom DBusServer. In uncommon configurations

OBS-URL: https://build.opensuse.org/request/show/1031295
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/dbus-1?expand=0&rev=175
commit
97c139473e
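The behaviour change described in the commit message turns on which kind of Unix socket a D-Bus address selects: an abstract socket (unix:abstract=..., or unix:tmpdir=... on Linux before this release) lives in the network namespace, so a sandbox that shares the host's network namespace can reach it, while a path-based socket is governed by the filesystem view the sandbox is given. The following is an added example, not code from the dbus project or from this commit: a parser for the D-Bus server address syntax plus a classifier that reports which entries of an address resolve to an abstract socket, with the 1.14.x version boundary from this changelog modelled as a parameter. All function and parameter names (unescape, parse_address, socket_kind, audit, dbus_version, linux) and the sample addresses are this example's own.

```python
"""Classify D-Bus server addresses by the kind of Unix socket they select.

Added example, not code from the dbus project or from this commit. It
implements the D-Bus server address syntax (transport:key=value,...;...
with %XX escapes) and flags entries that select an abstract socket, which
lives in the network namespace rather than the filesystem and is the
reason dbus#416 switched unix:tmpdir= listeners to path-based sockets.
The version tuple models the 1.14.x branch described in the changelog;
the function and parameter names are this example's own.
"""
from typing import Dict, List, Tuple

Entry = Tuple[str, Dict[str, str]]

# Exactly one of these keys must be present in a unix: address entry.
_UNIX_SELECTORS = ("path", "abstract", "tmpdir", "dir", "runtime")


def unescape(value: str) -> str:
    """Decode %XX escapes in an address value (escaped bytes are UTF-8)."""
    out = bytearray()
    i = 0
    while i < len(value):
        if value[i] != "%":
            out.extend(value[i].encode("utf-8"))
            i += 1
            continue
        hexpart = value[i + 1:i + 3]
        if len(hexpart) != 2 or any(c not in "0123456789abcdefABCDEF" for c in hexpart):
            raise ValueError(f"bad %-escape in address value: {value!r}")
        out.append(int(hexpart, 16))
        i += 3
    return out.decode("utf-8")


def parse_address(address: str) -> List[Entry]:
    """Split an address string into (transport, params) entries, in order."""
    entries: List[Entry] = []
    for raw in address.split(";"):
        if not raw:
            continue  # a trailing ';' is allowed by the spec
        transport, sep, rest = raw.partition(":")
        if not sep or not transport:
            raise ValueError(f"address entry without transport: {raw!r}")
        params: Dict[str, str] = {}
        for pair in (rest.split(",") if rest else []):
            key, eq, val = pair.partition("=")
            if not eq or not key:
                raise ValueError(f"malformed key=value pair: {pair!r}")
            if key in params:
                raise ValueError(f"duplicate key {key!r} in {raw!r}")
            params[key] = unescape(val)
        entries.append((transport, params))
    return entries


def socket_kind(transport: str, params: Dict[str, str],
                dbus_version: Tuple[int, int, int] = (1, 14, 4),
                linux: bool = True) -> str:
    """Return 'path', 'abstract', 'non-unix' or 'invalid' for one entry.

    dbus_version is the version of the *listening* side: on Linux before
    1.14.4, a unix:tmpdir= listener created an abstract socket (the
    pre-dbus#416 behaviour); from 1.14.4 it creates a path-based one.
    """
    if transport != "unix":
        return "non-unix"
    selectors = [k for k in _UNIX_SELECTORS if k in params]
    if len(selectors) != 1:
        return "invalid"
    key = selectors[0]
    if key == "abstract":
        return "abstract"
    if key == "tmpdir" and linux and dbus_version < (1, 14, 4):
        return "abstract"
    return "path"


def audit(address: str, **kwargs) -> List[Tuple[str, str]]:
    """Classify every entry of an address string; abstract ones deserve a look."""
    return [(t, socket_kind(t, p, **kwargs)) for t, p in parse_address(address)]


if __name__ == "__main__":
    # Constructed sample addresses in the shapes dbus-launch and the user
    # bus typically produce; the socket names and guid value are made up.
    samples = [
        "unix:abstract=/tmp/dbus-AbCdEf12,guid=0123456789abcdef0123456789abcdef",
        "unix:path=/run/user/1000/bus",
        "unix:tmpdir=/tmp",
    ]
    for s in samples:
        print(f"{s:70s} 1.14.0 -> {audit(s, dbus_version=(1, 14, 0))}")
        print(f"{'':70s} 1.14.4 -> {audit(s)}")
```

Running the script on a host's DBUS_SESSION_BUS_ADDRESS shows whether the session bus in use is still an abstract socket (for example because it was launched by an older dbus-launch) and therefore reachable from any sandbox sharing the network namespace; a path-based result is what this update produces for unix:tmpdir= listeners, and the schroot regression noted in the changelog is then addressed by bind-mounting that path rather than by reverting to abstract sockets.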
@ -1,3 +1,60 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 26 08:53:48 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
|
||||||
|
bsc#1204112, CVE-2022-42011,
|
||||||
|
bsc#1204113, CVE-2022-42012):
|
||||||
|
This is a security update for the dbus 1.14.x stable branch, fixing
|
||||||
|
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
|
||||||
|
security hardening (dbus#416).
|
||||||
|
Behaviour changes:
|
||||||
|
* On Linux, dbus-daemon and other uses of DBusServer now create a
|
||||||
|
path-based Unix socket, unix:path=..., when asked to listen on a
|
||||||
|
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
|
||||||
|
unix:dir=... on all platforms.
|
||||||
|
Previous versions would have created an abstract socket, unix:abstract=...,
|
||||||
|
in this situation.
|
||||||
|
This change primarily affects the well-known session bus when run via
|
||||||
|
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
|
||||||
|
dbus with --enable-user-session and running it on a systemd system,
|
||||||
|
already used path-based Unix sockets and is unaffected by this change.
|
||||||
|
This behaviour change prevents a sandbox escape via the session bus socket
|
||||||
|
in sandboxing frameworks that can share the network namespace with the host
|
||||||
|
system, such as Flatpak.
|
||||||
|
This change might cause a regression in situations where the abstract socket
|
||||||
|
is intentionally shared between the host system and a chroot or container,
|
||||||
|
such as some use-cases of schroot(1). That regression can be resolved by
|
||||||
|
using a bind-mount to share either the D-Bus socket, or the whole /tmp
|
||||||
|
directory, with the chroot or container.
|
||||||
|
(dbus#416, Simon McVittie)
|
||||||
|
* Denial of service fixes:
|
||||||
|
- Evgeny Vereshchagin discovered several ways in which an authenticated
|
||||||
|
local attacker could cause a crash (denial of service) in
|
||||||
|
dbus-daemon --system or a custom DBusServer. In uncommon configurations
|
||||||
|
these could potentially be carried out by an authenticated remote attacker.
|
||||||
|
- An invalid array of fixed-length elements where the length of the array
|
||||||
|
is not a multiple of the length of the element would cause an assertion
|
||||||
|
failure in debug builds or an out-of-bounds read in production builds.
|
||||||
|
This was a regression in version 1.3.0.
|
||||||
|
(dbus#413, CVE-2022-42011; Simon McVittie)
|
||||||
|
- A syntactically invalid type signature with incorrectly nested parentheses
|
||||||
|
and curly brackets would cause an assertion failure in debug builds.
|
||||||
|
Similar messages could potentially result in a crash or incorrect message
|
||||||
|
processing in a production build, although we are not aware of a practical
|
||||||
|
example. (dbus#418, CVE-2022-42010; Simon McVittie)
|
||||||
|
- A message in non-native endianness with out-of-band Unix file descriptors
|
||||||
|
would cause a use-after-free and possible memory corruption in production
|
||||||
|
builds, or an assertion failure in debug builds. This was a regression in
|
||||||
|
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
|
||||||
|
- Preserve errno on failure to open /proc/self/oom_score_adj
|
||||||
|
(dbus!285, Gentoo#834725; Mike Gilbert)
|
||||||
|
- On Linux, don't log warnings if oom_score_adj is read-only but does not
|
||||||
|
need to be changed (dbus!291, Simon McVittie)
|
||||||
|
- Slightly improve error-handling for inotify
|
||||||
|
(dbus!235, Simon McVittie)
|
||||||
|
- Don't crash if dbus-daemon is asked to watch more than 128 directories
|
||||||
|
for changes (dbus!302, Jan Tojnar)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Oct 15 18:13:18 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
Sat Oct 15 18:13:18 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||||
|
|
||||||
|
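Review bot: the unix:tmpdir=... change (dbus#416) is the one item in this entry that alters the behaviour of a running system, yet it sits in the middle of the block where a packager scanning for the CVE fixes will miss it; consider adding a one-line summary next to the CVE list at the top, along the lines of "unix:tmpdir= listeners now create path-based sockets; chroot/schroot setups that shared the abstract session socket need a bind-mount of the socket or /tmp", so the regression risk and its remedy are visible at a glance. The upstream issue to CVE references in the denial-of-service items (dbus#413 with CVE-2022-42011, dbus#418 with CVE-2022-42010, dbus#417 with CVE-2022-42012) are consistent with the three CVEs listed in the header line.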
@ -23,7 +23,7 @@
|
|||||||
%global _backup %{_sysconfdir}/sysconfig/services.rpmbak.%{name}-%{version}-%{release}
|
%global _backup %{_sysconfdir}/sysconfig/services.rpmbak.%{name}-%{version}-%{release}
|
||||||
%bcond_without selinux
|
%bcond_without selinux
|
||||||
Name: dbus-1-devel-doc
|
Name: dbus-1-devel-doc
|
||||||
Version: 1.14.0
|
Version: 1.14.4
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: Developer documentation package for D-Bus
|
Summary: Developer documentation package for D-Bus
|
||||||
License: AFL-2.1 OR GPL-2.0-or-later
|
License: AFL-2.1 OR GPL-2.0-or-later
|
||||||
|
@ -1,3 +1,60 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 26 08:53:48 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
|
||||||
|
bsc#1204112, CVE-2022-42011,
|
||||||
|
bsc#1204113, CVE-2022-42012):
|
||||||
|
This is a security update for the dbus 1.14.x stable branch, fixing
|
||||||
|
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
|
||||||
|
security hardening (dbus#416).
|
||||||
|
Behaviour changes:
|
||||||
|
* On Linux, dbus-daemon and other uses of DBusServer now create a
|
||||||
|
path-based Unix socket, unix:path=..., when asked to listen on a
|
||||||
|
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
|
||||||
|
unix:dir=... on all platforms.
|
||||||
|
Previous versions would have created an abstract socket, unix:abstract=...,
|
||||||
|
in this situation.
|
||||||
|
This change primarily affects the well-known session bus when run via
|
||||||
|
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
|
||||||
|
dbus with --enable-user-session and running it on a systemd system,
|
||||||
|
already used path-based Unix sockets and is unaffected by this change.
|
||||||
|
This behaviour change prevents a sandbox escape via the session bus socket
|
||||||
|
in sandboxing frameworks that can share the network namespace with the host
|
||||||
|
system, such as Flatpak.
|
||||||
|
This change might cause a regression in situations where the abstract socket
|
||||||
|
is intentionally shared between the host system and a chroot or container,
|
||||||
|
such as some use-cases of schroot(1). That regression can be resolved by
|
||||||
|
using a bind-mount to share either the D-Bus socket, or the whole /tmp
|
||||||
|
directory, with the chroot or container.
|
||||||
|
(dbus#416, Simon McVittie)
|
||||||
|
* Denial of service fixes:
|
||||||
|
- Evgeny Vereshchagin discovered several ways in which an authenticated
|
||||||
|
local attacker could cause a crash (denial of service) in
|
||||||
|
dbus-daemon --system or a custom DBusServer. In uncommon configurations
|
||||||
|
these could potentially be carried out by an authenticated remote attacker.
|
||||||
|
- An invalid array of fixed-length elements where the length of the array
|
||||||
|
is not a multiple of the length of the element would cause an assertion
|
||||||
|
failure in debug builds or an out-of-bounds read in production builds.
|
||||||
|
This was a regression in version 1.3.0.
|
||||||
|
(dbus#413, CVE-2022-42011; Simon McVittie)
|
||||||
|
- A syntactically invalid type signature with incorrectly nested parentheses
|
||||||
|
and curly brackets would cause an assertion failure in debug builds.
|
||||||
|
Similar messages could potentially result in a crash or incorrect message
|
||||||
|
processing in a production build, although we are not aware of a practical
|
||||||
|
example. (dbus#418, CVE-2022-42010; Simon McVittie)
|
||||||
|
- A message in non-native endianness with out-of-band Unix file descriptors
|
||||||
|
would cause a use-after-free and possible memory corruption in production
|
||||||
|
builds, or an assertion failure in debug builds. This was a regression in
|
||||||
|
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
|
||||||
|
- Preserve errno on failure to open /proc/self/oom_score_adj
|
||||||
|
(dbus!285, Gentoo#834725; Mike Gilbert)
|
||||||
|
- On Linux, don't log warnings if oom_score_adj is read-only but does not
|
||||||
|
need to be changed (dbus!291, Simon McVittie)
|
||||||
|
- Slightly improve error-handling for inotify
|
||||||
|
(dbus!235, Simon McVittie)
|
||||||
|
- Don't crash if dbus-daemon is asked to watch more than 128 directories
|
||||||
|
for changes (dbus!302, Jan Tojnar)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Oct 15 18:12:08 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
Sat Oct 15 18:12:08 UTC 2022 - Bjørn Lie <bjorn.lie@gmail.com>
|
||||||
|
|
||||||
|
@ -23,7 +23,7 @@
|
|||||||
%endif
|
%endif
|
||||||
%bcond_without selinux
|
%bcond_without selinux
|
||||||
Name: dbus-1-x11
|
Name: dbus-1-x11
|
||||||
Version: 1.14.0
|
Version: 1.14.4
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: D-Bus Message Bus System
|
Summary: D-Bus Message Bus System
|
||||||
License: AFL-2.1 OR GPL-2.0-or-later
|
License: AFL-2.1 OR GPL-2.0-or-later
|
||||||
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4
|
|
||||||
size 1360228
|
|
@ -1,16 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
|
|
||||||
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmIcxWIACgkQ4FrhR4+B
|
|
||||||
TE+qGBAAhuMFDt8cwBPTGewD6vLPoVhL348QWv5jZBNFtFXzLgf8cYOqHOY/ZTfn
|
|
||||||
FmBhEziqTTr3eLUrRm71vqnTkq2mvEpQ0BGpmTD2rXbw7uluSEwX7JjA643LYo/e
|
|
||||||
XuxCGkNLDi+UOOu96DmLdHtxxX++BHvA9T29oYhE4ZtvUMyWKzCNFUlO97vy4F0p
|
|
||||||
5stUJ7lWtTnM5pKo7WL+gT0HLOp6ygAdzqFuKexToEowpHQ0nH57HjFUSbNCNjqY
|
|
||||||
TYyaFz1H0208iR0hqxiCHGTB5pgCBqXOceqaUGJVRX9mRqjr8MEvbzHV/SFkamsZ
|
|
||||||
cRaYa7k9x4IYtnIX5sotfBALo/RdwjpuytXD6JCdQP1h3cm7zrRY3VAmGJ7lZrwx
|
|
||||||
b+0Wi/9w1eDHUPnSB8z6dVMSNE+EaWLz21fpdAHj+IcXpJzbJ25fdvTU6hiTB+CB
|
|
||||||
Lm7ilO0CIYhNFzx7Ir95lT+8DuNOOCYlRLQtahbTUyYmfXmB+91PXIdl2LcOfyl0
|
|
||||||
8hwC09mALt/GBOaOQUHquRNZmkwsbA/EUfgfhhvuSA3mWH1SRHZ9ado7CD8Vyq8+
|
|
||||||
9rySEY5HvOQ/EmClrsksIqHiSeFrzp6a5PbRIYGTUPsyD1NDPOQI8l9XLIJozGEo
|
|
||||||
Lt88atg/ZuBbJtCl5GoynLU4OG5aHYJ4hBaPPuLX9vpSSZKJD8k=
|
|
||||||
=hg/h
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
dbus-1.14.4.tar.xz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e
|
||||||
|
size 1368196
|
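Review bot: the new LFS pointer identifies a different object (sha256 7c0f9b8e5ec0ff2479383e62c0084a3a29af99edf1514e9f659b81b30d4e353e, 1368196 bytes) than the removed one (ccd7cce37596e0a19558fd6648d1272ab43f011d80c8635aea8fd0bad58aebd4, 1360228 bytes); a pointer only proves which blob is stored in LFS, not that it is the upstream release, so the hash should be compared with the checksum published for dbus 1.14.4 and the build should verify dbus-1.14.4.tar.xz against the dbus-1.14.4.tar.xz.asc added in this commit rather than trusting the pointer alone.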
16
dbus-1.14.4.tar.xz.asc
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
|
||||||
|
iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAmM9YggACgkQ4FrhR4+B
|
||||||
|
TE9JAg/8CTXHPUehTP0j88B4p8CkPbG3HH8eS0XKgAAuKN2YjOHSxtX4+2rkL2Ga
|
||||||
|
t53EJo4dTeyeRmRuVGUhrUn548Btu8WkhsLqLaWjJ2941obXHW2jkmBRwX8afBhE
|
||||||
|
2cBbo2HtJIX4l5+d88DnOVsF9i4JLmBBkpSkQiEZrFbmQvT1kfL1LI2yySiAQjlC
|
||||||
|
SB4RQbJGjBiMZziarSHHw8Ttiw3WEvVeInpGGibdHvHJXqvnkuzPNQAfmVWB2UqN
|
||||||
|
kWbsWpjAS2A7epVew1VVrgr3hyxGkBwOYPuU5wXHkHmvchv5cBQ40HLFqn82lQ05
|
||||||
|
eVFMkbxDEd7+/BSzVBVaElYB9lpqWT95h/dYqMcVsKH4cdQAYAGmVQ/4JnMENbGT
|
||||||
|
sj2zLlpYwwHjDumzPG43ZSnaaRCFJ0hvWGMNo4kHP7c97OIronlCOX9YFPYQJg5B
|
||||||
|
TKPXnK3GgL3Htr5cQhR17LFUnOPdH79KQi8Q6e6N4iASfkrgApnvgDr4aZBuafTm
|
||||||
|
1N/P730mtTgTniTWyfUOPkAAmvoCtBzcq74IXIhFXGiCbUpNI/nLdd4NG5CG2kIp
|
||||||
|
HOIFkereXW48UopGx7T4m6RCyLjziOdjmKpewu9OC1ECyh/TkIoKhm6IHg3m7JmT
|
||||||
|
sNPcwoO5xx7dRinIci/Npw0Dlf3eaRRruJVw9yJYR9HEom7byws=
|
||||||
|
=foU5
|
||||||
|
-----END PGP SIGNATURE-----
|
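Review bot: the added signature's first armored line starts with iQIzBAABCAAdFiEENuxaZEik9e95vv6Y4FrhR4+BTE8FAm, the same prefix as the removed dbus-1.14.0.tar.xz.asc earlier in this commit; those bytes decode to a version 4 RSA/SHA-256 signature packet whose first hashed subpacket is the issuer fingerprint, so both tarballs are signed by the same upstream key and the bytes that differ from that point on are the creation timestamp and the signature itself, as expected. That is a good sign but not a verification: the packager should still run the signature check with that key pinned (the keyring the package ships, if it has one) and confirm the build does not silently skip the check when the .asc is present but the key is not.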
@ -1,3 +1,60 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Oct 26 08:53:48 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
- update to 1.14.4 (bsc#1204111, CVE-2022-42010,
|
||||||
|
bsc#1204112, CVE-2022-42011,
|
||||||
|
bsc#1204113, CVE-2022-42012):
|
||||||
|
This is a security update for the dbus 1.14.x stable branch, fixing
|
||||||
|
denial-of-service issues (CVE-2022-42010, -42011, -42012) and applying
|
||||||
|
security hardening (dbus#416).
|
||||||
|
Behaviour changes:
|
||||||
|
* On Linux, dbus-daemon and other uses of DBusServer now create a
|
||||||
|
path-based Unix socket, unix:path=..., when asked to listen on a
|
||||||
|
unix:tmpdir=... address. This makes unix:tmpdir=... equivalent to
|
||||||
|
unix:dir=... on all platforms.
|
||||||
|
Previous versions would have created an abstract socket, unix:abstract=...,
|
||||||
|
in this situation.
|
||||||
|
This change primarily affects the well-known session bus when run via
|
||||||
|
dbus-launch(1) or dbus-run-session(1). The user bus, enabled by configuring
|
||||||
|
dbus with --enable-user-session and running it on a systemd system,
|
||||||
|
already used path-based Unix sockets and is unaffected by this change.
|
||||||
|
This behaviour change prevents a sandbox escape via the session bus socket
|
||||||
|
in sandboxing frameworks that can share the network namespace with the host
|
||||||
|
system, such as Flatpak.
|
||||||
|
This change might cause a regression in situations where the abstract socket
|
||||||
|
is intentionally shared between the host system and a chroot or container,
|
||||||
|
such as some use-cases of schroot(1). That regression can be resolved by
|
||||||
|
using a bind-mount to share either the D-Bus socket, or the whole /tmp
|
||||||
|
directory, with the chroot or container.
|
||||||
|
(dbus#416, Simon McVittie)
|
||||||
|
* Denial of service fixes:
|
||||||
|
- Evgeny Vereshchagin discovered several ways in which an authenticated
|
||||||
|
local attacker could cause a crash (denial of service) in
|
||||||
|
dbus-daemon --system or a custom DBusServer. In uncommon configurations
|
||||||
|
these could potentially be carried out by an authenticated remote attacker.
|
||||||
|
- An invalid array of fixed-length elements where the length of the array
|
||||||
|
is not a multiple of the length of the element would cause an assertion
|
||||||
|
failure in debug builds or an out-of-bounds read in production builds.
|
||||||
|
This was a regression in version 1.3.0.
|
||||||
|
(dbus#413, CVE-2022-42011; Simon McVittie)
|
||||||
|
- A syntactically invalid type signature with incorrectly nested parentheses
|
||||||
|
and curly brackets would cause an assertion failure in debug builds.
|
||||||
|
Similar messages could potentially result in a crash or incorrect message
|
||||||
|
processing in a production build, although we are not aware of a practical
|
||||||
|
example. (dbus#418, CVE-2022-42010; Simon McVittie)
|
||||||
|
- A message in non-native endianness with out-of-band Unix file descriptors
|
||||||
|
would cause a use-after-free and possible memory corruption in production
|
||||||
|
builds, or an assertion failure in debug builds. This was a regression in
|
||||||
|
version 1.3.0. (dbus#417, CVE-2022-42012; Simon McVittie)
|
||||||
|
- Preserve errno on failure to open /proc/self/oom_score_adj
|
||||||
|
(dbus!285, Gentoo#834725; Mike Gilbert)
|
||||||
|
- On Linux, don't log warnings if oom_score_adj is read-only but does not
|
||||||
|
need to be changed (dbus!291, Simon McVittie)
|
||||||
|
- Slightly improve error-handling for inotify
|
||||||
|
(dbus!235, Simon McVittie)
|
||||||
|
- Don't crash if dbus-daemon is asked to watch more than 128 directories
|
||||||
|
for changes (dbus!302, Jan Tojnar)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Oct 13 07:29:57 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
Thu Oct 13 07:29:57 UTC 2022 - Dirk Müller <dmueller@suse.com>
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@
|
|||||||
%define _libname libdbus-1-3
|
%define _libname libdbus-1-3
|
||||||
%bcond_without selinux
|
%bcond_without selinux
|
||||||
Name: dbus-1
|
Name: dbus-1
|
||||||
Version: 1.14.0
|
Version: 1.14.4
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: D-Bus Message Bus System
|
Summary: D-Bus Message Bus System
|
||||||
License: AFL-2.1 OR GPL-2.0-or-later
|
License: AFL-2.1 OR GPL-2.0-or-later
|
||||||
|
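Review bot: only the Version line moves here (1.14.0 to 1.14.4), matching the identical one-line bumps in dbus-1-devel-doc.spec and dbus-1-x11.spec earlier in this commit, and Release stays at 0, which is fine for Factory where the build service assigns it. Since every fix in this update arrives through the new tarball rather than a patch, check the Source lines outside this hunk so that they resolve to dbus-1.14.4.tar.xz and its .asc, and confirm that no openSUSE patch still carried in the spec touches the DBusServer unix:tmpdir code that dbus#416 rewrote, as such a patch would now fail to apply or reintroduce the abstract-socket behaviour.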